All about GDPR

What is GDPR and why does it matter?

It’s almost time for the latest shakeup in the web industry — the GDPR deadline. What the heck is GDPR? And why does it matter for your WordPress site? Dive in with us to learn more. As a note to our clients, this is something we’ll be updating for you so you shouldn’t have to worry about it too much, though we’ll probably have you review some text so be on the lookout for those emails.

If you’re one of those people who loves to get into the legal and technical nitty gritty, you’ll probably want to just head over to https://www.eugdpr.org and read it in all its detail. For the rest of us, here’s the summary:

It’s a regulation created by the European Union (EU) about how personal data is handled online (General Data Protection Regulation, i.e. GDPR).

The goal is to better inform users on how their data is being used online, and to give them better visibility and access to that data.

Users should have the ability to have that information removed at their request.

There’s more to it, but that’s definitely the gist. Here’s the kicker: You might be thinking, “My website has nothing to do with Europe. Why does this apply to me?”

The bummer (or great thing depending on your point of view) is that this applies to all European visitors to a site, regardless of where the website or operator of the website is located. Due to the wonderful “World Wide” part of the World Wide Web, pretty much any website could be visited by someone from the EU and therefore falls under these guidelines.

The EU has also said they’ll enforce fines for those who aren’t following the rules, so definitely better safe than sorry in this case.

Ok I get it, but what do I do?

It sounds like a huge pain, and could be, but from what we’ve found, it’s not too bad to at least get to the bare minimum standards to comply with GDPR. Granted, we are not lawyers, but from our review of this and our web knowledge, this seems pretty safe, and we’ve already implemented these steps on our website.

The first thing is that any time you’re collecting information from a user, they need to acknowledge they’re giving it to you. For things like forms (even contact forms), this usually means one of those checkboxes that says, “By using this form you agree with the storage and handling of your data by this website from this form.”

And that checkbox needs to be unchecked by default. That’s important! To comply, you can’t have these sorts of checkboxes checked by default. A site visitor has to actually do something intentional in order to give their consent.

This is also a great place to link to your website’s privacy policy.

Privacy policy? I’m just running a little tiny website! I don’t have user accounts, or run a shop or anything! That might be true, but I bet you’re collecting analytics data through something like Google Analytics, which falls under all of this as well.

It sounds like a big deal, but most of it is really boilerplate, and you can find several online generators to help with crafting a privacy policy, such as this awesome one by the folks at Shopify: https://www.shopify.com/tools/policy-generator (you don’t need a Shopify account). So craft that amazingly exciting privacy policy, put it up on your site, and link to it so users can read it if they want.

So what about users who request their data or request that their data be deleted? This is a little more involved, but if you’re running a WordPress site, we found this awesome plugin called WPGDPR that handles this and a lot of other things more or less out of the box.

It helps with creating things like contact form messages, but also in creating a form where users can request information you’ve collected on them (contact forms, user accounts, WordPress comments, Woocommerce data, etc.). They’ll get an email with a URL to view the data that’s valid for 24 hours, and they’ll even be able to request that data be scrubbed. Pretty awesome functionality out of this plugin, and if you check their roadmap, they’ve got a lot more planned.

It also looks like WordPress will fold a lot of this stuff into the main WordPress software with the next update. We’ll keep an eye on that for you.

What about Woocommerce?

We’ve talked about our love of Woocommerce but we’ve kind of breezed past it so far. What about those sites? All of the above still applies to those sites, but the great folks at Woocommerce have announced that the latest update of Woocommerce, 3.4, should be released around May 23, and will include a bunch of tools to make sure that Woo sites are compliant without messing up your order information. It’s a bit of a complicated process, and we’re glad they’re handling this out of the box. We’ll be updating all of our clients’ e-commerce sites once that becomes available.

It’s not that bad

All in all, it’s really not that much work getting your site up to date, but it does require a little bit of attention.

And we’re hopeful that wide adoption of GDPR compliance will only help protect consumer data online. If you have any more questions on GDPR, especially with how it relates to WordPress sites, feel free to contact us using the contact form below!

Steven Quinn

With a master’s degree in Visual Effects and Animation, Steven is a coding whiz and a jack of all trades. He handles web development, graphic design, and 3D modeling and rendering. Before co-founding Figoli Quinn with Tony, Steven worked as a designer and web developer at a financial services company and at other agencies. Steven is a former member of the University of Oregon marching band, and when he’s not working you are likely to find him playing any of the various musical instruments he knows.